Law enforcement agencies have taken down a multi-million-dollar cybercrime ring responsible for infecting thousands of wireless routers worldwide. Four individuals (three Russian nationals and one Kazakhstani) have been arrested and charged in connection with a sprawling botnet operation that leveraged compromised internet routers to operate illicit proxy services.
This case highlights a troubling evolution in the cybercriminal ecosystem: the monetization of infected hardware via stealthy, long-term malware deployments. At the center of the operation were two infamous services, Anyproxy and 5socks, which sold access to hijacked routers on a subscription basis, enabling buyers to mask their identities and reroute malicious traffic globally.
The Botnet Business Model That Netted $46 Million
In a recently unsealed indictment, U.S. authorities charged Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin, and Dmitriy Rubtsov with conspiracy, computer fraud, and other related cyber offenses.
The hackers created a massive botnet by exploiting outdated wireless internet routers. Using malware strains named Anyproxy and 5socks, they silently infected these devices without owners' knowledge. Once compromised, the routers were reconfigured to function as proxy nodes, providing third parties with anonymous internet access.
These proxies were sold on 5socks.net and Anyproxy.net, marketed as tools for anonymity and privacy, but often used for cyberattacks, fraud, or bypassing geo-blocks. The subscription model ranged from $9.95 to $110 per month, depending on the level of access and number of proxies.
Authorities believe the operation has been active since 2004, quietly amassing over $46 million in revenue.
Though the infected routers spanned dozens of countries, the infrastructure was partly operated through a hosting provider in Virginia, and domains were registered under false identities, leading to additional charges against Chertkov and Rubtsov.
A coordinated law enforcement effort involving the FBI Oklahoma City Cyber Task Force and international cybercrime units led to the seizure of both domains and the dismantling of the botnet infrastructure.
What Undercode Says:
This case underscores a number of critical cyber trends that should raise red flags for cybersecurity professionals and consumers alike:
- Legacy Device Exploitation: The hackers targeted older-model routers, devices more likely to have outdated firmware and limited user oversight. The failure to update home or business-grade routers creates fertile ground for silent takeovers.
- Malware-as-a-Service (MaaS): Anyproxy and 5socks weren't just tools for cybercriminals; they were platforms for subscription-based malware services. This approach mimics the SaaS business model but for illicit use, making cybercrime scalable and commercially viable.
- Stealth and Longevity: The operation lasted over 20 years without detection, suggesting advanced obfuscation techniques and minimal user disruption. It raises serious concerns about how many devices are currently part of unseen botnets.
- Cross-border Hosting & Legal Complexity: Even though the primary infrastructure was operated in the U.S., jurisdictional hurdles delayed enforcement. Cybercrime isn't limited by borders, but law enforcement often is.
- Monetization Through Infrastructure Abuse: Instead of stealing data or deploying ransomware, these hackers monetized network access. This "silent theft" is harder to detect and arguably more profitable over the long term.
- Legal Ramifications & New Norms: The charges include false domain registration, which is increasingly being enforced. It signals a tighter grip on identity verification in digital infrastructure management.
- Massive Undetected Botnets Still Active? This takedown raises the question: how many more similar operations remain undetected? Given the profitability and stealth of this scheme, other actors may be running similar services with impunity.
- Vendor and ISP Responsibility: Router manufacturers and ISPs need to implement better patching mechanisms, remote update policies, and consumer alerts for vulnerable hardware.
- Consumers Unknowingly Aiding Cybercrime: Most router owners had no idea their devices were compromised, unknowingly facilitating proxy traffic used in potentially illegal or unethical activity.
- The End of the Wild West for Proxies: With rising enforcement and digital identity laws, operating such marketplaces without oversight is becoming riskier.
This operation sets a precedent.
Fact Checker Results:
Verified: The 5socks.net and Anyproxy.net domains have been seized by the FBI.
Verified: Over $46 million in profits traced from router-based proxy subscriptions.
Verified: Malware used includes Anyproxy and 5socks, targeting outdated routers globally.
Prediction:
Botnet monetization via proxy sales will likely evolve rather than disappear. As law enforcement disrupts centralized services, future operations may adopt decentralized platforms, blockchain-based identity cloaking, or peer-to-peer botnets to evade detection. Also, with increasing surveillance and legal scrutiny, threat actors might shift to private invite-only proxy networks rather than public marketplaces like 5socks.net.
The crackdown on Anyproxy and 5socks signals a new era of enforcement, but it also pushes cybercrime deeper into shadowy, hard-to-reach corners of the internet.
References:
Reported By: www.darkreading.com